Abstraction-Based Static Analysis of Buffer Overruns in C Programs
| dc.contributor.advisor | Dr. Matthias Stallmann, Committee Member | en_US |
| dc.contributor.advisor | Dr. Peng Ning, Committee Member | en_US |
| dc.contributor.advisor | Dr. Daniel C DuVarney, Committee Member | en_US |
| dc.contributor.advisor | Dr. S Purushothaman Iyer, Committee Chair | en_US |
| dc.contributor.author | Srinivasa, Gopal Ranganatha | en_US |
| dc.date.accessioned | 2010-04-02T18:18:49Z | |
| dc.date.available | 2010-04-02T18:18:49Z | |
| dc.date.issued | 2003-07-07 | en_US |
| dc.degree.discipline | Computer Science | en_US |
| dc.degree.level | thesis | en_US |
| dc.degree.name | MS | en_US |
| dc.description.abstract | Bounds violations or buffer overruns have historically been a major source of defects in software systems, making bounds checking a key component in practical automatic verification methods. With the advent of the Internet, buffer overruns have been exploited by attackers to break into secure systems as well. Many security violations ranging from the 1988 Internet worm incident to the AnalogX Proxy server vulnerability have been attributed to buffer overruns. Programs written in the C language, which comprise most of the systems software available today, are particularly vulnerable because of the lack of array bounds checking in the C compiler, presence of pointers that can be used to write anywhere in memory, and the weak type system of the C language. Many methods have been proposed to detect these errors. Runtime methods that detect buffer overruns suffer from significant overhead and incomplete coverage, while compile time methods could suffer from low accuracy and poor scalability. In this thesis, we propose a new technique for bounds checking based on data abstraction that is more accurate, more scalable, and suffers from no runtime overhead. Enhancements have been made to C Wolf, a suite of model generation tools, to handle buffer overflow analysis. Case studies on web2c, a publicly available software package, pico server, an open source web server, and on the wu-ftpd server are presented to demonstrate the practicality of the technique. | en_US |
| dc.identifier.other | etd-07032003-111255 | en_US |
| dc.identifier.uri | http://www.lib.ncsu.edu/resolver/1840.16/2925 | |
| dc.rights | I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to NC State University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. | en_US |
| dc.subject | static analysis | en_US |
| dc.subject | data abstraction | en_US |
| dc.subject | partial order | en_US |
| dc.subject | abstract interpretation | en_US |
| dc.subject | buffer overflows | en_US |
| dc.subject | buffer overruns | en_US |
| dc.title | Abstraction-Based Static Analysis of Buffer Overruns in C Programs | en_US |
Files
Original bundle
1 - 1 of 1
